Re: What email encryption is actually in use?
At Monday, November 04, 2002 2:28 AM, Tim May [EMAIL PROTECTED] was seen to say:

Those who need to know, know.

Which of course is a viable model, provided you are only using your key for private email to those who need to know; if you are using it for signatures posted to a mailing list though, it just looks silly.

You, I've never seen before. Even if you found my key at the Liberal Institution of Technology, what would it mean?

it would at least give us a chance to check the integrity of your post (what a sig is for after all) and anyone faking your key on the servers would have to prevent you ever seeing one of your own posts (so that you can't check the signature yourself)

Parts of the PGP model are ideologically brain-dead. I attribute this to left-wing peacenik politics of some of the early folks.

The Web-of-Trust model is mildly broken - all you can really say about it is that it is better than the alternatives (X509 is not only badly broken, but badly broken for the purpose of hierarchical control and/or profit)

In the current case, one reason to sign important posts is to establish a pattern of ownership for posts, independent of real-world identity. If I know that posts a, b, c sent from nym x are all signed, I will be reasonably confident that key y is owned by the normal poster of nym x. that I don't know who that is in meatspace is pretty irrelevant.

Where both systems break down is when trying to assert that key y is tied to anything but an email address (or possibly a static IP). There is little to bind a key to anything or anyone in the real world, unless you meet in person, know each other reasonably well (if only via third parties that can identify you both) and exchange fingerprints.

in fact, WoT is simply an attempt to automate this process offline, so that you can be introduced to someone by a third party without all three of you having to meet; you still have to make a value judgement based on how sure you are about the third party's reliability and how confident they seem about the identity of x - however in the real world, both of those are vague, hard-to-define values and in the WoT they are rigid (you have a choice of two levels of trust for an introducer, and no way to encode how much third parties should rely on your identification)
RE: What email encryption is actually in use?
Peter Trei wrote...

Durden's question was whether a snooper on an IPSEC VPN can tell (for example) an encrypted email packet from an encrypted HTTP request. The answer is no. All Eve can tell is the FW1 sent FW2 a packet of a certain size. The protocol of the encapsulated IP packet, its true source behind FW1, its true destination behind FW2, and the true destination port are all hidden.

Yes, this was indeed the gist of my question. I was aware that there are actually hard and soft switches that are aware all the way up to the application layer, apparently (I also know that some softswitches have actually been deployed in RBOC/Baby Bell territory.)

But from your previous email, you indicated that the secure IPSEC tunnel is created by taking the packets, encrypting S/A, D/A, payload and protocol fields (ie, pretty much everything) and then dumping them into the payload of another packet, and setting the Protocol field of the parent-packet to IPSEC. All that is now visible are the firewall addresses.

That's a lot, methinks! In other words, there's practically a bright red flag sticking up saying I'm encrypted! Look over here!...it's child's play (well, if you consider making an ASIC child's play!) to then look at the S/A and D/A to see if they are interesting. If they belong to the IP spaces of two large companies, for instance, then look elsewhere (though I hear rumors that the NSAs of the world are branching out into industrial eavesdropping for their parent companies, ehr, for their parent countries). If a secure VPN tunnel forms between al-Jazeera's firewall and, say, some ISP near Atlantic Avenue in Brooklyn (heavy Arab community), then all sorts of spyglasses could pop up.

Thus, I suspect a lot can be gleaned (and is) from communiques without actually de-encrypting...the philosophy probably is, why violate civil rights unless we really, really have to? Extract as much as we can without actually de-encrypting, and if the probability of something being interesting is high enough, then we'll send it downstairs to be opened (and even then, determining how hard it is to open the communique might also be of interest...is it legal to open somebody else's email but not read it?)

Here's a little quote for ya, since it seems to be the in-thing to do... The revolution is right where we want it: out of our control. (Royal Family and the Poor)

From: Trei, Peter [EMAIL PROTECTED]
To: [EMAIL PROTECTED], 'Major Variola (ret)' [EMAIL PROTECTED]
Subject: RE: What email encryption is actually in use?
Date: Mon, 4 Nov 2002 12:58:55 -0500

Major Variola (ret)[SMTP:[EMAIL PROTECTED]]

At 10:13 AM 11/4/02 -0500, Tyler Durden wrote:

This is an interesting issue...how much information can be gleaned from encrypted payloads?

Traffic analysis (who, how frequently, temporal patterns)
Size of payload

Is it possible for a switch or whatever that has visibility up to layers 4/5/6 to determine (at least) what type of file is being sent?

Yes. Modern network equipment can examine all the way up to layer 7. Can tell that you're sending an .mp3 and will cut your QoS, if that's the policy.

Durden's question was whether a snooper on an IPSEC VPN can tell (for example) an encrypted email packet from an encrypted HTTP request. The answer is no. All Eve can tell is the FW1 sent FW2 a packet of a certain size. The protocol of the encapsulated IP packet, its true source behind FW1, its true destination behind FW2, and the true destination port are all hidden.

Peter
RE: What email encryption is actually in use?
Tyler Durden[SMTP:[EMAIL PROTECTED]] wrote:

But from your previous email, you indicated that the secure IPSEC tunnel is created by taking the packets, encrypting S/A, D/A, payload and protocol fields (ie, pretty much everything) and then dumping them into the payload of another packet, and setting the Protocol field of the parent-packet to IPSEC. All that is now visible are the firewall addresses.

That's a lot, methinks! In other words, there's practically a bright red flag sticking up saying I'm encrypted! Look over here!...it's child's play (well, if you consider making an ASIC child's play!) to then look at the S/A and D/A to see if they are interesting. If they belong to the IP spaces of two large companies, for instance, then look elsewhere (though I hear rumors that the NSAs of the world are branching out into industrial eavesdropping for their parent companies, ehr, for their parent countries). If a secure VPN tunnel forms between al-Jazeera's firewall and, say, some ISP near Atlantic Avenue in Brooklyn (heavy Arab community), then all sorts of spyglasses could pop up.

The title of this thread is What email encryption is actually in use?. I posted that a lot of intra-company email often goes over encrypted VPNs between worksites, and that this should be considered in trying to figure out how much email is encrypted.

After some back and forth to educate you on how IPSEC tunneling works, you now understand, but it turns out that that was not what you were interested in.

VPNs no more raise a red flag than does any other form of encrypted communication without steganography. If your threat model includes end-point identification, then use alt.anonymous.messages. If traffic analysis is also a worry, use stego.

VPNs are probably responsible for more encrypted traffic than anything else on the net, and meet corporate threat models very well. If your threat model is different, you may need a different solution.

Peter Trei
CARDIS '02 - 5th Smart Card Research and Advanced Application Conference
Dear colleague - I'd like to invite you to attend the 5th Smart Card Research and Advanced Application Conference, November 21-22 in San Jose, CA. http://www.usenix.org/events/cardis02/ CARDIS '02, the joint IFIP/USENIX International Conference on Smart Card Research and Advanced Applications, will bring together researchers and practitioners in the development and deployment of smart card systems and technologies. This two-day conference features: Keynote speaker Vincent Cordonnier, LIFL; 14 refereed papers; panel discussions; Work-In-Progress reports as well as ample opportunities to informally interact with fellow attendees and speakers. Unlike events devoted to commercial and application aspects of smart cards, the CARDIS conferences bring together researchers who are active in all aspects of the design, validation, and application of smart cards. The breadth of smart card research stimulates a synergy among disparate research communities, making CARDIS an ideal opportunity to explore and learn from the latest research advances. We hope you will join us in San Jose. On behalf of the program committee - Peter Honeyman, CITI, University of Michigan CARDIS '02 Program Chair -- Alex Walker Production Editor USENIX Association 2560 Ninth Street, Suite 215 Berkeley, CA 94710 510/528-8649 x33
RE: Sending bricks through the mail
I think this is what you're looking for: http://www.improb.com/airchives/paperair/volume6/v6i4/postal-6-4.html At 11:17 PM 11/3/02 +0100, Thoenen, Peter Mr. EPS wrote: Tried emailing direct but bounced so apologize to the list for the OT content :) You don't happen to have the url do you? Think it would make an amusing read.
Re: What email encryption is actually in use?
On Sun, Nov 03, 2002 at 11:23:36AM -0800, Tim May wrote: - -- treat text as text, to be sent via whichever mail program one uses, or whichever chatroom software (not that encrypted chat rooms are likely...but who knows?), or whichever news reader software http://www.invisible.net is sort of an encrypted chatroom. -- Windows, Icons, Mice and Pointers. A jedi craves not these things.
traffic analysis of VPN/secure tunnels (Re: What email encryption is actually in use?)
On Mon, Nov 04, 2002 at 12:58:55PM -0500, Trei, Peter wrote:

Durden's question was whether a snooper on an IPSEC VPN can tell (for example) an encrypted email packet from an encrypted HTTP request. The answer is no. All Eve can tell is the FW1 sent FW2 a packet of a certain size. The protocol of the encapsulated IP packet, its true source behind FW1, its true destination behind FW2, and the true destination port are all hidden.

An external observer being able to tell the time of exchange or percentage of traffic which is email vs http through a VPN probably isn't a big deal to most people.

But if someone did care, it may be that you could have some probabilistic indication of whether the traffic is email or http (or other distinctions) based on the size of the packets, the timing, that kind of thing. As there are different internal originating-points (mail hub, vs desktop/desktop+proxy cache), probably aspects of the hardware, TCP stack and application performance and behavior would leave some still recognizable performance and IP packet size signature.

A more direct traffic-analysis type of risk is interactive session protocols like telnet, perhaps some chat programs where the characters are sent as they are typed. In this scenario it may be that an attacker could reconstruct the plaintext by analysing typing characteristics. (There was a paper about this risk for interactive sessions over SSH published a while back -- don't have the reference handy, probably google could find it).

Another related type of risk is that SSL does not necessarily obscure the page requested as the request and/or response may have unique, predictable and publicly measurable size uniquely identifying the document requested.

Adam -- http://www.cypherspace.org/adam/
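An added illustration, not part of the original thread, of the tunnel-mode encapsulation and the packet-size side channel discussed in these messages: it wraps constructed inner packets in an ESP-style outer packet and then parses the result as an observer without the key would. The firewall and host addresses, SPI, key and the SHA-256 keystream are constructed stand-ins; real ESP uses a negotiated cipher and also carries an IV and an integrity check value.

```python
import hashlib
import ipaddress
import struct

ESP_PROTO = 50                  # IP protocol number assigned to ESP
IPV4_FMT = "!BBHHHBBH4s4s"      # fixed 20-byte IPv4 header, no options

def ipv4_header(src, dst, proto, payload_len):
    """20-byte IPv4 header; checksum left at 0 because nothing routes it."""
    return struct.pack(IPV4_FMT, 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def inner_tcp_packet(src, dst, dport, payload):
    """The plaintext packet a host behind FW1 emits: IPv4 + TCP + data."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return ipv4_header(src, dst, 6, len(tcp) + len(payload)) + tcp + payload

def toy_keystream(key, spi, seq, n):
    """Stand-in cipher (SHA-256 in counter mode). Not real ESP cryptography."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + struct.pack("!III", spi, seq, ctr)).digest()
        ctr += 1
    return out[:n]

def esp_tunnel_encapsulate(inner, fw_src, fw_dst, spi, seq, key, block=16):
    """Encrypt the whole inner packet and place it in a new FW1 -> FW2 packet."""
    # ESP trailer (padding, pad length, next header = 4 for IPv4) is encrypted too.
    pad_len = (-(len(inner) + 2)) % block
    plaintext = inner + bytes(range(1, pad_len + 1)) + bytes([pad_len, 4])
    stream = toy_keystream(key, spi, seq, len(plaintext))
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, stream))
    esp = struct.pack("!II", spi, seq) + ciphertext     # SPI and sequence are in clear
    return ipv4_header(fw_src, fw_dst, ESP_PROTO, len(esp)) + esp

def observer_view(wire):
    """Everything an on-path observer without the key can read from one packet."""
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(IPV4_FMT, wire[:20])
    ihl = (ver_ihl & 0x0F) * 4
    view = {"src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)),
            "proto": proto, "length": total_len}
    if proto == ESP_PROTO:
        spi, seq = struct.unpack("!II", wire[ihl:ihl + 8])
        view.update(spi=spi, seq=seq, opaque_bytes=total_len - ihl - 8)
    return view

# Constructed sample traffic (documentation and private address ranges).
KEY = b"constructed-demo-key"
FW1, FW2, SPI = "203.0.113.1", "198.51.100.1", 0x1001

def sample_flows():
    """Return {label: (inner_packet, wire_packet)} for three inner packets."""
    inners = {
        "smtp": inner_tcp_packet("10.1.0.5", "10.2.0.9", 25,
                                 b"MAIL FROM:<a@example.com>\r\n"),
        "http": inner_tcp_packet("10.1.0.7", "10.2.0.8", 80,
                                 b"GET /index.html HTTP/1.0\r\n\r\n"),
        "bulk": inner_tcp_packet("10.1.0.5", "10.2.0.9", 25, b"x" * 1000),
    }
    return {label: (pkt, esp_tunnel_encapsulate(pkt, FW1, FW2, SPI, seq, KEY))
            for seq, (label, pkt) in enumerate(inners.items(), start=1)}

if __name__ == "__main__":
    for label, (inner, wire) in sample_flows().items():
        print(label, len(inner), observer_view(wire))
```

The two short requests pad to the same outer length, so the observer cannot separate them, while the 1000-byte segment is plainly larger: sizes are hidden only up to the cipher block boundary.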
NYT: commercial quantum-key-distrib soon
A New Cryptography Uses the Quirks of Photon Streams

By JOHN MARKOFF

The quirky world of quantum physics, where mathematical elements can hold multiple values and objects can be in several places at once, is heading toward commercial products. A start-up company, MagiQ Technologies, plans to announce today a cryptography or code system that uses a technology called quantum key distribution to thwart eavesdropping on a fiber optic communication channel. The company, based in New York, says it has a working model of its system and will have a commercial version available in the second half of next year.

snip

http://www.nytimes.com/2002/11/04/technology/04QUAN.html
RE: What email encryption is actually in use?
Tim May[SMTP:[EMAIL PROTECTED]]

On Saturday, November 2, 2002, at 08:01 PM, Tyler Durden wrote:

Prior to that, the encrypted email I've sent in the past year or so has almost always failed, because of version incompatibilities,

While in Telecom I was auditing optical transport gear, and we adopted the practice of encrypting all of our audit reports to vendors. Of course, the chance of there being an eavesdropper (uh...other than NSA, that is) was a Planck energy above zero, but it gave the vendors the impression we really cared a lot about their intellectual property (if we determined a problem with their equipment, and if that info ever leaked, it could have a major impact on them).

When I was at Intel we sent our designs for microprocessors to European branches and/or partners. One set of designs sent to MATRA/Harris, a partner in the 80C86, was stolen in transit. (The box of tapes arrived in Paris, but the tapes had been replaced by the suitable weight of bricks.)

I suspect that there is a fair amount of encrypted mail flowing over the net which is not obvious to ISPs. It's internal mail of large corporations. Many corps maintain VPNs between their offices, with encryption handled at the firewall. A great deal of highly sensitive internal email flows over these links, with the encryption totally transparent to the end-users.

Of course, this is just internal stuff. The external mail is as open as everyone's been saying.

Peter Trei
RE: Flight security analysis (was Re: Confiscation of Anti-War Video)
-- From: Major Variola (ret)[SMTP:[EMAIL PROTECTED]]
Sent: Friday, November 01, 2002 6:02 PM
To: [EMAIL PROTECTED]
Subject: Re: Flight security analysis (was Re: Confiscation of Anti-War Video)

At 05:16 PM 11/1/02 -0500, Steve Furlong wrote:

But Maj Variola made a questionable point, too: At 30K feet, you have about half a minute before you pass out

I just tested that, sort of. I emptied my lungs, then lifted weights for 30 seconds. It was a little painful toward the end, but I didn't grey out or anything.

I was unable to find my ref. But I also know that muscles can work anaerobically; also that asphyxiation-feeling is from too much CO2, not a lack of O2. Also, you can't really empty your lungs. I once saw a show about medicine. In it, an M.D. rebreathed his own CO2-scrubbed air as he wrote the alphabet, on camera. Halfway through he started scribbling incoherently and fell over, unawares. (There were assistants to save him.)

FWIW I did something similar once myself, in high school biology (this was in Britain, so there were no bullshit concerns over liability). Two students, one rebreathing scrubbed air, the other (me) unscrubbed (ie, I was rebreathing my own CO2). I kept going about 2 minutes before I started to black out. Analysis of the air showed that it still had substantial oxygen content, but the CO2 level had tripled. My partner, who rebreathed CO2 scrubbed air, kept going for 7 or 8 minutes before stopping, and had used a much higher fraction of the O2.

It turns out that CO2 has substantially higher affinity for haemoglobin than does O2, so the CO2 was suffocating me even in the presence of ample oxygen. Carbon monoxide has an even higher affinity, which is why it's so poisonous.

Peter Trei
RE: Katy, bar the door
Major Variola (ret)[SMTP:[EMAIL PROTECTED]]

When that trucker kamikaze'd into the state capital in Sacramento last year, they decided to put Jersey barriers up. Hard to do that in the air (Blimps with nets?)

The name for these is 'barrage balloons'. They were widely deployed during WW2 against dive bombers and ground-attack fighters. I suspect they are less useful today for this purpose, due to the increased distances of attack, but they might make life harder for cruise missiles and other UAVs. Plan to see them over Baghdad.

Peter Trei
RE: What email encryption is actually in use?
The ever-thought-provoking Peter Trei wrote...

A great deal of highly sensitive internal email flows over these links, with the encryption totally transparent to the end-users.

This is an interesting issue...how much information can be gleaned from encrypted payloads? Is it possible for a switch or whatever that has visibility up to layers 4/5/6 to determine (at least) what type of file is being sent? Can it determine at what layer encryption was performed? (These may be obvious to many of you, but I can only claim expertise in layers 0/1, and pieces of 2. Ok, I have a working knowledge of 3.)

It may be possible for hardware that examines large numbers of communiques to pre-determine that much is of no interest.

From: Trei, Peter [EMAIL PROTECTED]
To: [EMAIL PROTECTED], 'Tim May' [EMAIL PROTECTED]
Subject: RE: What email encryption is actually in use?
Date: Mon, 4 Nov 2002 09:37:59 -0500

Tim May[SMTP:[EMAIL PROTECTED]]

On Saturday, November 2, 2002, at 08:01 PM, Tyler Durden wrote:

Prior to that, the encrypted email I've sent in the past year or so has almost always failed, because of version incompatibilities,

While in Telecom I was auditing optical transport gear, and we adopted the practice of encrypting all of our audit reports to vendors. Of course, the chance of there being an eavesdropper (uh...other than NSA, that is) was a Planck energy above zero, but it gave the vendors the impression we really cared a lot about their intellectual property (if we determined a problem with their equipment, and if that info ever leaked, it could have a major impact on them).

When I was at Intel we sent our designs for microprocessors to European branches and/or partners. One set of designs sent to MATRA/Harris, a partner in the 80C86, was stolen in transit. (The box of tapes arrived in Paris, but the tapes had been replaced by the suitable weight of bricks.)

I suspect that there is a fair amount of encrypted mail flowing over the net which is not obvious to ISPs. It's internal mail of large corporations. Many corps maintain VPNs between their offices, with encryption handled at the firewall. A great deal of highly sensitive internal email flows over these links, with the encryption totally transparent to the end-users.

Of course, this is just internal stuff. The external mail is as open as everyone's been saying.

Peter Trei
Brinspoon for the UKSTASI.
Mayday 2002

The Metropolitan Police are seeking your help to identify and trace the suspects pictured here. During the past three years, major anti-capitalist demonstrations have taken place in Central London on May Day. A determined minority in these protests have set out to cause major disruption and commit criminal offences including violent disorder and substantial criminal damage. Members of the public and police officers have also been injured in these disturbances. Despite extensive inquiries, which have resulted in a number of successful prosecutions, the Metropolitan Police has still to identify and trace a number of individuals believed to be involved in committing these offences and is seeking your help to do so. Anyone with information about the identity or whereabouts of any of the people pictured here is asked to call the Public Order Team on 020 7239 7329 or Crimestoppers on 0800 555111.

http://www.met.police.uk/appeals/mayday/mayday2002.htm

Would the CoDC please reconsider their policy on DoS?
RE: Intel's LaGrab
On Sun, 3 Nov 2002, Lucky Green wrote:

Tim wrote: Microsoft calls its technology Palladium. Intel dubs it LaGrande. I say we call it LaGrab.

Has anybody on the list seen any official specs, datasheets, etc. for Intel's LaGrande feature set? Any documents that could be donated to Cryptome's collection? So far, all I have been able to locate are vague press releases, marketing blather, and wild-eyed promises of hack-proofing computers.

I didn't think any of it was near finalized yet. Even the comments here from people working close to it indicate it isn't finished. I suggest LaGrande Screw. Once in place, it will be pretty easy for Microsoft to screw everyone who owns a Palladium machine!

Patience, persistence, truth, Dr. mike
Re: What email encryption is actually in use?
at Monday, November 04, 2002 3:13 PM, Tyler Durden This is an interesting issue...how much information can be gleaned from encrypted payloads? Usually, the VPN is an encrypted tunnel from a specified IP (individual pc or lan) to another specified IP (the outer marker of the lan, usually the firewall/vpn combo box but of course that function can be split if needs be) sniffers can usually catch at least some of the initial login - normally a host name or user name is passed unencrypted as part of the setup - but any actual mail traffic will be indistinguishable from any other traffic; it is encapsulation of IP packets in an outer encrypted wrapper. similar statements can usually be made for Zeb, SSH and other similar tunnels - each encapsulates a low level (almost raw in the case of strict tunnels like zeb or ssh) packet passing tunnel in a crypto skin.
Blacknet hits the trade press
EWeek 21 Oct 2002 p 58, High-tech products invite tech crimes P. Coffee Writing about a consultant who tried to sell a client's software, and got busted: Next time, a code thief may use a BlackNet brokerage (as envisioned in the widely circulated essay by Timothy May) to avoid such traps. [He is commenting on whereas stolen chips are valuable to many, stolen software is valuable only to a few...]
RE: What email encryption is actually in use?
-- From: Tyler Durden[SMTP:[EMAIL PROTECTED]] Sent: Monday, November 04, 2002 10:13 AM To: [EMAIL PROTECTED] Subject: RE: What email encryption is actually in use? The ever-thought-provoking Peter Trei wrote... A great deal of highly sensitive internal email flows over these links, with the encryption totally transparent to the end-users. This is an interesting issue...how much information can be gleaned from encrypted payloads? Is it possible for a switch or whatever that has visibility up to layers 4/5/6 to determine (at least) what type of file is being sent? Can it determine at what layer encryption was performed? (These may be obvious to many of you, but I can only claim expertise in layers 0/1, and pieces of 2. Ok, I have a working knowledge of 3.) It may be possible for hardware that examines large numbers of communiques to pre-determine that much is of no interest. Most of the ones I've seen are IPSEC over IPv4. You might be able to glean some info from packet size, timing, and ordering, but not much. IPSEC takes a plaintext IP packet and treats the whole thing as a data block to be encrypted.
RE: What email encryption is actually in use?
Tyler Durden[SMTP:[EMAIL PROTECTED]] writes: Most of the ones I've seen are IPSEC over IPv4. You might be able to glean some info from packet size, timing, and ordering, but not much. IPSEC takes a plaintext IP packet and treats the whole thing as a data block to be encrypted. So this would indicate that IPSEC creates a sort of blockage from seeing up to Layers 4/5/6. Now when you say it takes the IP packet, is this just the datagram or is it also the protocol bytes? (I'm assuming the layer-2 information remains intact.) If the protocol bytes are unencrypted, then there's a LOT that can probably be determined about any IP session. If the protocol bytes are encrypted, then this will not be a very flexible session, no? (More of a secure pipe I guess.) And then, does IPSEC include specification for MPLS? I would assume that the MPLS header information is not encrypted, simply because the headers have no global significance... It's a pipe. The whole plaintext IP packet, from start to finish, including headers and checksum, gets treated as data, and encrypted. The encrypted packet is the data for a new packet, which goes from one firewall to another (and has only the firewall IP addresses exposed). The packets visible on the outside only tell Eve that firewall A sent firewall B an IPSEC packet of a certain size, with a particular Security Association. (ie, the protocol field says 'this is an IPSEC packet'). A single SA can be used for many, many, internal connections. Check the IPSEC RFCs for more info. Peter Trei
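The encapsulation described in the message above, as an added example that is not part of the original thread: an inner SMTP packet and an inner HTTP packet are wrapped in the ESP tunnel-mode layout (SPI, sequence number, IV, ciphertext, ICV) and then parsed the way an on-path observer would. The addresses, SPI and keys are constructed sample values, and the SHA-256 keystream is a stand-in for a real ESP cipher so the block runs on the standard library alone.

```python
import hashlib, hmac, ipaddress, os, struct

ESP_PROTO, TCP_PROTO = 50, 6      # IANA protocol numbers
NEXT_HDR_IPV4 = 4                 # ESP "next header" value for an inner IPv4 packet
BLOCK, ICV_LEN = 16, 16

def checksum(data):
    """Internet checksum over the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ipv4(src, dst, proto, payload):
    def hdr(csum):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                           proto, csum, ipaddress.IPv4Address(src).packed,
                           ipaddress.IPv4Address(dst).packed)
    return hdr(checksum(hdr(0))) + payload

def tcp_segment(sport, dport, data):
    # Minimal 20-byte TCP header (PSH|ACK); TCP checksum left at zero for brevity.
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + data

def keystream(key, iv, n):
    # Stand-in cipher (assumption): SHA-256 in counter mode, NOT a real ESP transform.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + iv + struct.pack("!I", ctr)).digest()
        ctr += 1
    return out[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def esp_tunnel(inner, sa, seq, gw_src, gw_dst):
    """Wrap a whole inner IP packet (headers included) as data between two gateways."""
    pad_len = -(len(inner) + 2) % BLOCK
    plain = inner + bytes(range(1, pad_len + 1)) + bytes([pad_len, NEXT_HDR_IPV4])
    iv = os.urandom(BLOCK)
    body = struct.pack("!II", sa["spi"], seq) + iv + xor(plain, keystream(sa["enc_key"], iv, len(plain)))
    icv = hmac.new(sa["auth_key"], body, hashlib.sha256).digest()[:ICV_LEN]
    return ipv4(gw_src, gw_dst, ESP_PROTO, body + icv)

def esp_decapsulate(pkt, sa):
    """Receiving gateway: verify the ICV, decrypt, strip padding, return the inner packet."""
    ihl = (pkt[0] & 0x0F) * 4
    body, icv = pkt[ihl:-ICV_LEN], pkt[-ICV_LEN:]
    expected = hmac.new(sa["auth_key"], body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch: packet was modified or the SA is wrong")
    iv, ct = body[8:8 + BLOCK], body[8 + BLOCK:]
    plain = xor(ct, keystream(sa["enc_key"], iv, len(ct)))
    pad_len, next_hdr = plain[-2], plain[-1]
    if next_hdr != NEXT_HDR_IPV4:
        raise ValueError("unexpected next header")
    return plain[:len(plain) - 2 - pad_len]

def observer_view(pkt):
    """Fields readable on the wire without any key."""
    ihl = (pkt[0] & 0x0F) * 4
    view = {"src": str(ipaddress.IPv4Address(pkt[12:16])),
            "dst": str(ipaddress.IPv4Address(pkt[16:20])),
            "proto": pkt[9], "length": struct.unpack("!H", pkt[2:4])[0]}
    if view["proto"] == ESP_PROTO:
        view["spi"], view["seq"] = struct.unpack("!II", pkt[ihl:ihl + 8])
    elif view["proto"] == TCP_PROTO:
        view["dport"] = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    return view

# Constructed sample values (documentation address ranges, made-up SPI and keys).
FW_A, FW_B = "192.0.2.1", "198.51.100.1"
SA = {"spi": 0x1001, "enc_key": b"demo-enc-key", "auth_key": b"demo-auth-key"}
INNER_SMTP = ipv4("10.1.0.5", "10.2.0.25", TCP_PROTO,
                  tcp_segment(40000, 25, b"MAIL FROM:<alice@example.com>\r\n"))
INNER_HTTP = ipv4("10.1.0.77", "10.2.0.80", TCP_PROTO,
                  tcp_segment(40001, 80, b"GET /index.html HTTP/1.0\r\n\r\n"))

if __name__ == "__main__":
    print("no tunnel :", observer_view(INNER_SMTP))
    print("SMTP in SA:", observer_view(esp_tunnel(INNER_SMTP, SA, 1, FW_A, FW_B)))
    print("HTTP in SA:", observer_view(esp_tunnel(INNER_HTTP, SA, 2, FW_A, FW_B)))
```

The two inner packets differ by three bytes, yet padding to the block size gives both the same outer length, which is why size leaks only coarse information.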
RE: What email encryption is actually in use?
Most of the ones I've seen are IPSEC over IPv4. You might be able to glean some info from packet size, timing, and ordering, but not much. IPSEC takes a plaintext IP packet and treats the whole thing as a data block to be encrypted. So this would indicate that IPSEC creates a sort of blockage from seeing up to Layers 4/5/6. Now when you say it takes the IP packet, is this just the datagram or is it also the protocol bytes? (I'm assuming the layer-2 information remains intact.) If the protocol bytes are unencrypted, then there's a LOT that can probably be determined about any IP session. If the protocol bytes are encrypted, then this will not be a very flexible session, no? (More of a secure pipe I guess.) And then, does IPSEC include specification for MPLS? I would assume that the MPLS header information is not encrypted, simply because the headers have no global significance... From: Trei, Peter [EMAIL PROTECTED] To: [EMAIL PROTECTED], 'Tyler Durden' [EMAIL PROTECTED] Subject: RE: What email encryption is actually in use? Date: Mon, 4 Nov 2002 11:00:56 -0500 -- From: Tyler Durden[SMTP:[EMAIL PROTECTED]] Sent: Monday, November 04, 2002 10:13 AM To: [EMAIL PROTECTED] Subject: RE: What email encryption is actually in use? The ever-thought-provoking Peter Trei wrote... A great deal of highly sensitive internal email flows over these links, with the encryption totally transparent to the end-users. This is an interesting issue...how much information can be gleaned from encrypted payloads? Is it possible for a switch or whatever that has visibility up to layers 4/5/6 to determine (at least) what type of file is being sent? Can it determine at what layer encryption was performed? (These may be obvious to many of you, but I can only claim expertise in layers 0/1, and pieces of 2. Ok, I have a working knowledge of 3.) It may be possible for hardware that examines large numbers of communiques to pre-determine that much is of no interest. 
Most of the ones I've seen are IPSEC over IPv4. You might be able to glean some info from packet size, timing, and ordering, but not much. IPSEC takes a plaintext IP packet and treats the whole thing as a data block to be encrypted.
RE: What email encryption is actually in use?
At 10:13 AM 11/4/02 -0500, Tyler Durden wrote: This is an interesting issue...how much information can be gleaned from encrypted payloads? Traffic analysis (who, how frequently, temporal patterns) Size of payload Is it possible for a switch or whatever that has visibility up to layers 4/5/6 to determine (at least) what type of file is being sent? Yes. Modern network equipment can examine all the way up to layer 7. Can tell that you're sending an .mp3 and will cut your QoS, if that's the policy. Can it determine at what layer encryption was performed? Various packet classification hardware companies [1] make chips to find fields in headers. (The classification chips pass this info to the NPU) IPsec, SSL are trivial. App-level crypto is easy if the crypto has signatures, like -BEGIN PGP MESSAGE-. Steganography + encryption, however, is pretty tough. The S/N ratio can become useless due to false alarms. The Feds probably have an enormous collection of intercepted Arab baby pictures... [1] Here's a blurb from http://solidum.com/products/index.cfm Based on programmable state machine technology and a powerful, openly-distributed pattern description language, our scalable, forward-compatible, and field-upgradable classification processors can be configured to closely inspect packets for vital information up to and including Layer 7. The information collected can then be used to make intelligent routing and switching decisions for service, application, and QoS requirements. This improves the speed, power and efficiency of next generation network processing architectures, facilitates the delivery of content-based services and enables true QoS for differentiated services. --- CALEA: What did you think layer 7 awareness meant?
RE: What email encryption is actually in use?
Major Variola (ret)[SMTP:[EMAIL PROTECTED]] At 10:13 AM 11/4/02 -0500, Tyler Durden wrote: This is an interesting issue...how much information can be gleaned from encrypted payloads? Traffic analysis (who, how frequently, temporal patterns) Size of payload Is it possible for a switch or whatever that has visibility up to layers 4/5/6 to determine (at least) what type of file is being sent? Yes. Modern network equipment can examine all the way up to layer 7. Can tell that you're sending an .mp3 and will cut your QoS, if that's the policy. Durden's question was whether a snooper on an IPSEC VPN can tell (for example) an encrypted email packet from an encrypted HTTP request. The answer is no. All Eve can tell is that FW1 sent FW2 a packet of a certain size. The protocol of the encapsulated IP packet, its true source behind FW1, its true destination behind FW2, and the true destination port are all hidden. Peter
Re: Sending bricks through the mail
I sent the link to Peter direct yesterday, but if anyone else is interested-- http://www.improb.com/airchives/paperair/volume6/v6i4/postal-6-4.html ~SAM From: Major Variola (ret) [EMAIL PROTECTED] Date: Mon, 04 Nov 2002 08:26:17 -0800 To: [EMAIL PROTECTED] [EMAIL PROTECTED] Subject: RE: Sending bricks through the mail At 11:17 PM 11/3/02 +0100, Thoenen, Peter Mr. EPS wrote: Tried emailing direct but bounced so apologize to the list for the OT content :) You don't happen to have the url do you? Think it would make an amusing read. Sorry, no. BTW, my nym is for humor value, and spam-avoidance, not replies.
Cointel is back: meet any new arabic-speaking guys in shiny shoes?
[EMAIL PROTECTED] (Major Variola ret) writes: http://www.washtimes.com/national/20021104-81830128.htm Officials attempt to get inside cells of al Qaeda in U.S. By Richard Sale UNITED PRESS INTERNATIONAL Local and federal law-enforcement agencies are attempting to infiltrate al Qaeda sleeper cells operating in the United States and are using disinformation campaigns to expose and neutralize the terror groups that continue to communicate with one another, U.S. intelligence officials say. FBI officials say recent electronic intercepts of communications between some al Qaeda groups show that they are talking to each other. The cells are up and active, an FBI official said of the groups believed to be embedded in most U.S. cities with sizable Islamic communities, such as New York, Detroit and Los Angeles. In a review of ongoing U.S. operations, United Press International was briefed on the al Qaeda investigations by several current and former intelligence officers, all of whom asked not to be identified by name. Former CIA and Defense Intelligence Agency officials say the terrorists choose run-down neighborhoods because in a place like that, you are invisible. People don't care about you; they don't want to look at you and don't look at you, as one put it. A former senior U.S. intelligence official explained: The members of cells don't think of themselves as raiding parties but as the front end of an invasion. If they can attack, blow things up and disrupt society, they believe there will be mass defections to Islam and society will collapse. They can then set up an Islamic state. The cells, these sources said, are made up of U.S.-born Muslims and immigrants from Pakistan, Saudi Arabia and the Persian Gulf states, and number in the thousands. Most are thought to have entered the country some time ago and are deeply entrenched in their communities. 
To root them out, the FBI has been busy developing a network of informers in Muslim neighborhoods, including nightclub owners, waiters and merchants, a federal law-enforcement official said. Intelligence is the chief tool in the war on terror, a senior former Pentagon intelligence official said. Intelligence is really just a giant research operation where you rely on huge archival files, he said. It's the most effective weapon you've got. The next and best weapon in the war against the cells is infiltration. A longtime covert operations specialist said law enforcement is using agents who are Arabs and fluent in Arabic, who then look for ways to get inside the community where the cell members worship. Their next goal is to find out about the social structure: Where do they worship, where do they entertain, what do they talk about? he said. If it is known where they socialize and there is probable cause, local police might be able to place eavesdropping devices on the premises, he said. The goal is to identify and eliminate leaders, a former CIA official said. As the FBI and other law-enforcement agencies gain knowledge, any rivalries among group members can be exploited, using disinformation to convince some cell members that others are informers or traitors. One FBI official explained that the purpose is to disrupt hostile organizations, and that FBI tactics go back to 1956, when the FBI established its Cointelpro (counterintelligence program.) This official said the program pitted one group or even members of a single group against another like gladiators in ancient Rome. The program has been used successfully against such groups as the Black Panthers and the Ku Klux Klan, he said
Re: What email encryption is actually in use?
-BEGIN PGP SIGNED MESSAGE- If you signed your messages on a regular basis, it would let me know whether or not you're the same Tim May, I've been reading since back when toad.com was the only server for the list. If your key was signed by anyone I've dealt with, who I know will actually check your id, it would increase my confidence that you really are Tim May, and not just a net persona. It doesn't make one iota of difference, whether you choose to distribute your key or not. Your ideas are usually thought provoking, and consistent enough to form a persona in the minds of the list readers. Or at least, in mine. I know you know (whether or not you agree) with the above. It just struck me as humorous that you'd sign the post, with the comment to the effect that there isn't much point in doing so, with a key that isn't on the servers. Do you see the PGP web of trust as completely useless? As to who I am, well... I'm a programmer, living in London, Ont. Canada. I've been lurking, off and on, since 94 or so. I don't think I've actually posted anything to the list since back in 96, when I wrote a freeware program to simplify using PGP with dos based offline mail readers (MPI.ZIP). While I normally promote privacy issues, only with those I meet face to face, I still consider myself a cypherpunk. I normally only post to the list, when my point of view isn't being expressed by any of the regular posters. Regards, Dave Hodgins. Tim May wrote: On Sunday, November 3, 2002, at 06:14 PM, David W. Hodgins wrote: -BEGIN PGP SIGNED MESSAGE- The advantages really disappear, when the key used to sign the message isn't sent to the key servers {:. Those who need to know, know. You, I've never seen before. Even if you found my key at the Liberal Institution of Technology, what would it mean? Parts of the PGP model are ideologically brain-dead. I attribute this to left-wing peacenik politics of some of the early folks. 
- --Tim May
Re: What email encryption is actually in use?
at Monday, November 04, 2002 2:28 AM, Tim May [EMAIL PROTECTED] was seen to say: Those who need to know, know. Which of course is a viable model, provided you are only using your key for private email to those who need to know if you are using it for signatures posted to a mailing list though, it just looks silly. You, I've never seen before. Even if you found my key at the Liberal Institution of Technology, what would it mean? it would at least give us a chance to check the integrity of your post (what a sig is for after all) and anyone faking your key on the servers would have to prevent you ever seeing one of your own posts (so that you can't check the signature yourself) Parts of the PGP model are ideologically brain-dead. I attribute this to left-wing peacenik politics of some of the early folks. The Web-of-Trust model is mildly broken - all you can really say about it is that it is better than the alternatives (X509 is not only badly broken, but badly broken for the purpose of hierarchical control and/or profit) In the current case, one reason to sign important posts is to establish a pattern of ownership for posts, independent of real-world identity. If I know that posts a,b c sent from nym x are all signed, I will be reasonably confident that key y is owned by the normal poster of nym x. that I don't know who that is in meatspace is pretty irrelevant. Where both systems break down is when trying to assert that key y is tied to anything but an email address (or possibly a static IP). There is little to bind a key to anything or anyone in the real world, unless you meet in person, know each other reasonably well (if only via third parties that can identify you both) and exchange fingerprints. 
in fact, WoT is simply an attempt to automate this process offline, so that you can be introduced to someone by a third party without all three of you having to meet; you still have to make a value judgement based on how sure you are about the third party's reliability and how confident they seem about the identity of x - however in the real world, both of those are vague, hard-to-define values and in the WoT they are rigid (you have a choice of two levels of trust for an introducer, and no way to encode how much third parties should rely on your identification)
Re: What email encryption is actually in use?
On Saturday November 2 2002 11:09, Adam Shostack wrote: I'd be interested to hear how often email content is protected by any form of crypto, including IPsec, Starttls, ssh delivery, or PGP or SMIME. There's probably an interesting paper in going out and looking at this. I use GnuPG to the people I know that have it. Admittedly that number is rather low but I am working on raising it. My e-mail client will do SSL and TLS so most if not all of my messages are protected at least to and from the ISP's servers. I would like to use GnuPG (my OpenPGP application of choice) more often. Unfortunately the number of people that have it is too low to make this practical and providers like AOL making it very difficult to use encryption with their proprietary e-mail clients pushes the number even lower than it should be. Part of the problem is too many people not realizing that one sending e-mail in the clear means that one trusts their ISP's admins, the receiving ISP's admins, and anyone with root (or possibly even just physical access) on a network between them. All it takes is one untrustworthy person snooping on the wire and there goes your privacy. Granted, yes, it's a violation of laws like the ECPA (in the US) to do so, but when there are potentially dozens of people who could have divulged a message, how does one know who to prosecute? -- Shawn K. Quinn
RE: Intel's LaGrab
Tim wrote: Microsoft calls its technology Palladium. Intel dubs it LaGrande. I say we call it LaGrab. Has anybody on the list seen any official specs, datasheets, etc. for Intel's LaGrande feature set? Any documents that could be donated to Cryptome's collection? So far, all I have been able to locate are vague press releases, marketing blather, and wild-eyed promises of hack-proofing computers. TIA, --Lucky
RE: What email encryption is actually in use?
Tim May[SMTP:[EMAIL PROTECTED]] On Saturday, November 2, 2002, at 08:01 PM, Tyler Durden wrote: Prior to that, the encrypted email I've sent in the past year or so has almost always failed, because of version incompatibilities, While in Telecom I was auditing optical transport gear, and we adopted the practice of encrypting all of our audit reports to vendors. Of course, the chance of there being an eavesdropper (uh...other than NSA, that is) was a Planck energy above zero, but it gave the vendors the impression we really cared a lot about their intellectual property (if we determined a problem with their equipment, and if that info ever leaked, it could have a major impact on them). When I was at Intel we sent our designs for microprocessors to European branches and/or partners. One set of designs sent to MATRA/Harris, a partner in the 80C86, was stolen in transit. (The box of tapes arrived in Paris, but the tapes had been replaced by the suitable weight of bricks.) I suspect that there is a fair amount of encrypted mail flowing over the net which is not obvious to ISPs. It's internal mail of large corporations. Many corps maintain VPNs between their offices, with encryption handled at the firewall. A great deal of highly sensitive internal email flows over these links, with the encryption totally transparent to the end-users. Of course, this is just internal stuff. The external mail is as open as everyone's been saying. Peter Trei
RE: Katy, bar the door
Major Variola (ret)[SMTP:[EMAIL PROTECTED]] When that trucker kamikazed into the state capital in Sacramento last year, they decided to put Jersey barriers up. Hard to do that in the air (Blimps with nets?) The name for these is 'barrage balloons'. They were widely deployed during WW2 against dive bombers and ground-attack fighters. I suspect they are less useful today for this purpose, due to the increased distances of attack, but they might make life harder for cruise missiles and other UAVs. Plan to see them over Baghdad. Peter Trei
RE: Sending bricks through the mail
At 11:17 PM 11/3/02 +0100, Thoenen, Peter Mr. EPS wrote: Tried emailing direct but bounced so apologize to the list for the OT content :) You don't happen to have the url do you? Think it would make an amusing read. Sorry, no. BTW, my nym is for humor value, and spam-avoidance, not replies.
Blacknet hits the trade press
EWeek 21 Oct 2002 p 58, High-tech products invite tech crimes P. Coffee Writing about a consultant who tried to sell a client's software, and got busted: Next time, a code theif may use a BlackNet brokerage (as envisioned in the widely circulated essay by Timothy May) to avoid such traps. [He is commenting on whereas stolen chips are valuable to many, stolen software is valuable only to a few...]
RE: What email encryption is actually in use?
At 10:13 AM 11/4/02 -0500, Tyler Durden wrote: This is an interesting issue...how much information can be gleaned from encrypted payloads? Traffic analysis (who, how frequently, temporal patterns) Size of payload Is it possible for a switch or whatever that has visibility up to layers 4/5/6 to determine (at least) what type of file is being sent? Yes. Modern network equiptment can examine all the way up to layer 7. Can tell that you're sending an .mp3 and will cut your QoS, if that's the policy. Can it determine at what layer encryption was performed? Various packet classification hardware companies [1] make chips to find fields in headers. (The classification chips pass this info to the NPU) IPsec, SSL are trivial. App-level crypto is easy if the crypto has signatures, like -BEGIN PGP MESSAGE-. Steganography + encryption, however, is pretty tough. The S/N ratio can become useless due to false alarms. The Feds probably have an enormous collection of intercepted arab baby pictures... [1] Here's a blurb from http://solidum.com/products/index.cfm Based on programmable state machine technology and a powerful, openly-distributed pattern description language, our scalable, forward-compatible, and field-upgradable classification processors can be configured to closely inspect packets for vital information up to and including Layer 7. The information collected can then be used to make intelligent routing and switching decisions for service, application, and QoS requirements. This improves the speed, power and efficiency of next generation network processing architectures, facilitates the delivery of content-based services and enables true QoS for differentiated services. --- CALEA: What did you think layer 7 awareness meant?
RE: What email encryption is actually in use?
Most the ones I've seen are IPSEC over IPv4. You might be able to glean some info from packet size, timing, and ordering, but not much. IPSEC takes a plaintext IP packet and treats the whole thing as a data block to be encrypted. SO this would indicate that IPSEC creates a sort of blockage from seeing up to Layers 4/5/6. Now when you say it takes the IP packet, is this just the datagram or is it also he procotol bytes? (I'm assuming the layer-2 information remains intact.) If the protocol bytes are unencrypted, then there's a LOT that can probably be determined about any IP session. If the protocol bytes are encrypted, then this will ot be a very flexible session, no? (More of a secure pipe I guess.) And then, does IPSEC include specification for MPLS? I would assume that the MPLS header information is not encrypted, simply because the headers have no global significance... From: Trei, Peter [EMAIL PROTECTED] To: [EMAIL PROTECTED], 'Tyler Durden' [EMAIL PROTECTED] Subject: RE: What email encryption is actually in use? Date: Mon, 4 Nov 2002 11:00:56 -0500 -- From: Tyler Durden[SMTP:[EMAIL PROTECTED]] Sent: Monday, November 04, 2002 10:13 AM To: [EMAIL PROTECTED] Subject: RE: What email encryption is actually in use? The ever-though-provoking Peter Trei wrote... A great deal of highly sensitive internal email flows over these links, with the encryption totally transparent to the end-users. This is an interesting issue...how much information can be gleaned from encrypted payloads? Is it possible for a switch or whatever that has visibility up to layers 4/5/6 to determine (at least) what type of file is being sent? Can it determine at what layer encryption was performed? (These may be obvious to many of you, but I can only claim expertise in layers 0/1, and pieces of 2. Ok, I have a working knowledge of 3.) It may be possible for hardware that examines large numbers of communiques to pre-determine that much is of no interest. 
Most the ones I've seen are IPSEC over IPv4. You might be able to glean some info from packet size, timing, and ordering, but not much. IPSEC takes a plaintext IP packet and treats the whole thing as a data block to be encrypted. _ Surf the Web without missing calls! Get MSN Broadband. http://resourcecenter.msn.com/access/plans/freeactivation.asp
RE: What email encryption is actually in use?
Tyler Durden[SMTP:[EMAIL PROTECTED]] writes:

Most the ones I've seen are IPSEC over IPv4. You might be able to glean some info from packet size, timing, and ordering, but not much. IPSEC takes a plaintext IP packet and treats the whole thing as a data block to be encrypted.

So this would indicate that IPSEC creates a sort of blockage from seeing up to Layers 4/5/6. Now when you say it takes the IP packet, is this just the datagram or is it also the protocol bytes? (I'm assuming the layer-2 information remains intact.) If the protocol bytes are unencrypted, then there's a LOT that can probably be determined about any IP session. If the protocol bytes are encrypted, then this will not be a very flexible session, no? (More of a secure pipe I guess.)

And then, does IPSEC include specification for MPLS? I would assume that the MPLS header information is not encrypted, simply because the headers have no global significance...

It's a pipe. The whole plaintext IP packet, from start to finish, including headers and checksum, gets treated as data, and encrypted. The encrypted packet is the data for a new packet, which goes from one firewall to another (and has only the firewall IP addresses exposed).

The packets visible on the outside only tell Eve that firewall A sent firewall B an IPSEC packet of a certain size, with a particular Security Association. (ie, the protocol field says 'this is an IPSEC packet'). A single SA can be used for many, many, internal connections.

Check the IPSEC RFCs for more info.

Peter Trei
RE: What email encryption is actually in use?
Tyler Durden[SMTP:[EMAIL PROTECTED]] wrote:

But from your previous email, you indicated that the secure IPSEC tunnel is created by taking the packets, encrypting S/A, D/A, payload and protocol fields (ie, pretty much everything) and then dumping them into the payload of another packet, and setting the Protocol field of the parent-packet to IPSEC. All that is now visible are the firewall addresses.

That's a lot, methinks! In other words, there's practically a bright red flag sticking up saying "I'm encrypted! Look over here!"...it's child's play (well, if you consider making an ASIC child's play!) to then look at the S/A and D/A to see if they are interesting. If they belong to the IP spaces of two large companies, for instance, then look elsewhere (though I hear rumors that the NSAs of the world are branching out into industrial eavesdropping for their parent companies, ehr, for their parent countries). If a secure VPN tunnel forms between al-Jazeera's firewall and, say, some ISP near Atlantic Avenue in Brooklyn (heavy Arab community), then all sorts of spyglasses could pop up.

The title of this thread is "What email encryption is actually in use?". I posted that a lot of intra-company email often goes over encrypted VPNs between worksites, and that this should be considered in trying to figure out how much email is encrypted.

After some back and forth to educate you on how IPSEC tunneling works, you now understand, but it turns out that that was not what you were interested in.

VPNs no more raise a red flag than does any other form of encrypted communication without steganography. If your threat model includes end-point identification, then use alt.anonymous.messages. If traffic analysis is also a worry, use stego.

VPNs are probably responsible for more encrypted traffic than anything else on the net, and meet corporate threat models very well. If your threat model is different, you may need a different solution.

Peter Trei
Re: What email encryption is actually in use?
On Sun, Nov 03, 2002 at 11:23:36AM -0800, Tim May wrote:

-- treat text as text, to be sent via whichever mail program one uses, or whichever chatroom software (not that encrypted chat rooms are likely...but who knows?), or whichever news reader software

http://www.invisible.net is sort of an encrypted chatroom.

--
Windows, Icons, Mice and Pointers. A jedi craves not these things.
CARDIS '02 - 5th Smart Card Research and Advanced Application Conference
Dear colleague - I'd like to invite you to attend the 5th Smart Card Research and Advanced Application Conference, November 21-22 in San Jose, CA. http://www.usenix.org/events/cardis02/ CARDIS '02, the joint IFIP/USENIX International Conference on Smart Card Research and Advanced Applications, will bring together researchers and practitioners in the development and deployment of smart card systems and technologies. This two-day conference features: Keynote speaker Vincent Cordonnier, LIFL; 14 refereed papers; panel discussions; Work-In-Progress reports as well as ample opportunities to informally interact with fellow attendees and speakers. Unlike events devoted to commercial and application aspects of smart cards, the CARDIS conferences bring together researchers who are active in all aspects of the design, validation, and application of smart cards. The breadth of smart card research stimulates a synergy among disparate research communities, making CARDIS an ideal opportunity to explore and learn from the latest research advances. We hope you will join us in San Jose. On behalf of the program committee - Peter Honeyman, CITI, University of Michigan CARDIS '02 Program Chair -- Alex Walker Production Editor USENIX Association 2560 Ninth Street, Suite 215 Berkeley, CA 94710 510/528-8649 x33
RE: Sending bricks through the mail
I think this is what you're looking for: http://www.improb.com/airchives/paperair/volume6/v6i4/postal-6-4.html At 11:17 PM 11/3/02 +0100, Thoenen, Peter Mr. EPS wrote: Tried emailing direct but bounced so apologize to the list for the OT content :) You don't happen to have the url do you? Think it would make an amusing read.
traffic analysis of VPN/secure tunnels (Re: What email encryption is actually in use?)
On Mon, Nov 04, 2002 at 12:58:55PM -0500, Trei, Peter wrote:

Durden's question was whether a snooper on an IPSEC VPN can tell (for example) an encrypted email packet from an encrypted HTTP request. The answer is no. All Eve can tell is that FW1 sent FW2 a packet of a certain size. The protocol of the encapsulated IP packet, its true source behind FW1, its true destination behind FW2, and the true destination port are all hidden.

An external observer being able to tell the time of exchange or percentage of traffic which is email vs http through a VPN probably isn't a big deal to most people.

But if someone did care, it may be that you could have some probabilistic indication of whether the traffic is email or http (or other distinctions) based on the size of the packets, the timing, that kind of thing. As there are different internal originating-points (mail hub, vs desktop/desktop+proxy cache), probably aspects of the hardware, TCP stack and application performance and behavior would leave some still recognizable performance and IP packet size signature.

A more direct traffic-analysis type of risk is interactive session protocols like telnet, perhaps some chat programs where the characters are sent as they are typed. In this scenario it may be that an attacker could reconstruct the plaintext by analysing typing characteristics. (There was a paper about this risk for interactive sessions over SSH published a while back -- don't have the reference handy, probably google could find it).

Another related type of risk is that SSL does not necessarily obscure the page requested as the request and/or response may have unique, predictable and publicly measurable size uniquely identifying the document requested.

Adam
-- http://www.cypherspace.org/adam/
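
The tunnel-mode encapsulation Peter Trei describes earlier in the thread and the packet-size signal Adam raises above, as an added example that is not part of any post in the thread. Assumptions: all addresses, the SPI and the key are constructed; the cipher is a SHA-256 keystream stand-in rather than a real ESP transform; the ESP authentication data is omitted.

```python
import hashlib, ipaddress, os, struct

ESP, BLOCK = 50, 16            # IP protocol number for ESP; cipher block size
FW_A, FW_B = "192.0.2.1", "198.51.100.1"   # constructed firewall addresses

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0 for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)

def inner_packet(src, dst, dport, data):
    """Plaintext inner packet: IPv4 header + bare 20-byte TCP header + data."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x18, 8192, 0, 0) + data
    return ipv4_header(src, dst, 6, len(tcp)) + tcp

def toy_encrypt(key, iv, data):
    """Stand-in keystream cipher (SHA-256 in counter mode); NOT a real ESP transform."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + iv + struct.pack("!I", i)).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def esp_tunnel(inner, spi, seq, key):
    """Tunnel mode: the whole inner packet becomes ciphertext inside a FW_A -> FW_B packet."""
    pad = -(len(inner) + 2) % BLOCK                       # align payload + 2 trailer bytes
    trailer = bytes(range(1, pad + 1)) + bytes([pad, 4])  # padding, pad length, next header 4 = IPv4
    iv = os.urandom(BLOCK)
    esp = struct.pack("!II", spi, seq) + iv + toy_encrypt(key, iv, inner + trailer)
    return ipv4_header(FW_A, FW_B, ESP, len(esp)) + esp

def observer_view(wire):
    """Every field an on-path observer without the key can read."""
    f = struct.unpack("!BBHHHBBH4s4s", wire[:20])
    spi, seq = struct.unpack("!II", wire[20:28])
    return {"src": str(ipaddress.IPv4Address(f[8])), "dst": str(ipaddress.IPv4Address(f[9])),
            "proto": f[6], "spi": spi, "seq": seq, "length": f[2]}

def demo():
    key = b"constructed-demo-key"
    mail = inner_packet("10.1.0.5", "10.2.0.9", 25, b"M" * 100)    # SMTP-bound segment
    web = inner_packet("10.1.0.77", "10.2.0.80", 80, b"W" * 100)   # HTTP-bound, same size
    big = inner_packet("10.1.0.77", "10.2.0.80", 80, b"W" * 300)   # HTTP-bound, larger
    return [observer_view(esp_tunnel(p, 0x1001, 1, key)) for p in (mail, web, big)]

if __name__ == "__main__":
    for view in demo():
        print(view)
```

The first two views are identical although one inner packet is mail and the other HTTP; the third differs only in its length field, which is the residual signal discussed above.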